Expert Advice Community

Guest

Filling in the inventory of assets

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Filling in the inventory of assets

When do I do the inventory of information assets? Prior to the risk assessment?
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

Guest
DejanK Jan 12, 2016

Answer: You could do the Inventory of assets first if you wish, but it is easier to start filling in the Risk assessment table first - once you are finished with this table, then you just copy the information to the Inventory of assets. 

When I do the inventory, does every single laptop, server, etc need to be documented? I found this template which was free.

Answer: This is the same with Inventory of assets and Risk assessment table - you don't have to fill in each and every laptop - you can just specify that you have a class called "laptops" and that the owner of each laptop is a person who is using it. Basically, every time you have several assets which have very similar threats and vulnerabilities, in such cases you can specify these classes of assets instead of single assets. 

By the way, you can see a detailed explanation about all this in a video tutorial called "How to Implement Risk Assessment According to ISO 27001."
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

Guest user Created:   Mar 31, 2017 ISO 27001 & 22301
Replies: 1
0 0

Inventory of assets